Request for generic engine support

John Dickinson jad at
Fri May 9 14:42:40 EST 2008

On 9 May 2008, at 03:36, Mccue, Richard Alan wrote:

>> How do you feel about PKCS#11 ?
> I'm not sure the device I'm working with fits well with the PKCS#11  
> token interface. The device is a little more complicated than a  
> smartcard. It can handle multiple private keys. If a dozen apps all  
> have different private RSA keys, each app can load its key  
> separately and have the device encrypt/decrypt with it. PKCS#11 is  
> on my list of things to investigate more deeply. Maybe later this  
> year I'll understand PKCS#11 a little better.

Can you tell us what the device is and/or what engine you are trying  
to use?

It sounds like an HSM - if it is then it almost certainly supports  
pkcs11. Using a pkcs11 enabled version of OpenSSH will most likely be  
easier than trying to support every different OpenSSL engine that a  
user might decide to use.

John Dickinson

More information about the openssh-unix-dev mailing list